\section{Threat Model}

This section discusses the threat model of our approach and presents some examples of privacy policies and malicious behaviors our tool can enforce and detect.

\subsection{Mobile User Privacy}

\ourtool aims to prevent malicious leakage of sensitive information stored on mobile devices, which includes:

\begin{itemize}

\item Private information retrieved from Android framework APIs, such as device ID, contacts and GPS location. 

\item Files stored on the devices, such as pictures stored at \CodeIn{$\backslash$sdcard$\backslash$Camera} (the default location where camera pictures are stored on most Android devices.)

\item Sensitive information the app can receive through system wide broadcasts, such as incoming SMS messages.

\end{itemize}

By contrast, \ourtool currently does not treat user inputs to the app as private information. For example, malicious online chatting app might secretly send users' private messages to the attacker. 

%\todo{talk about why we don't do it. extremely app specific privacy policy and manual categorization of different user inputs into different sources??}

\subsection{Other attacks}

While private information leakage is one of the big problems in mobile privacy and security, a recent survey showed~\cite{androidgenome} that over 50\% of the Android malware have some sort private information collection capability. However, there are also other mobile security threats, including but not limited to:
\begin{itemize}

\item Secretly sending SMS messages to subscribe for premium service
\item OS level attacks that try to gain arbitrary code execution, such as buffer overflow and kernel vulnerability exploit
\item Social engineering attacks
\item Malicious data tempering, such as a malware showing the incorrect GPS coordinate to the user
\item Dental of service attacks, such as battery or CPU cycle exhaustion

\end{itemize}

While these attacks are also common, there require entirely different approaches to detect and there are already existing works that focus specifically on them. As a result, we consider out of scope to our project.

%\sai{add a few sentence or cite other ppl's work to say the above attacks are relatively rare}
%\todo{they are actually quite common, but there are already tools that try to deal with some of these specific attacks}
